Security with WebLogic (JAASRealm)

[LaurenceNoton <la...@googlemail.com>]

Hello

I am trying to use a JAASRealm for authentication.  I have set up the Realm
and it is authenticating with a WebLogic instance and returns a user back
(WLSUserImpl) with their groups (if any WLSGroupImpl).  I have a custom
verison of the WebLogic provided UsernamePasswordLoginModule which doesnt
pass in a URLCallback!

I now want to look up an EJB on the remote WebLogic server within a servlet,
this works too but if I call a secured method (requirings you to have a
Group) I get a security error.  User <anonymous> cannot......

I have managed to get the Subject from the HTTPSession and then with that
call weblogic.security.Security.runAs( subject, new
MyEJBLookUpAndCallAction() );  I have the weblogic.jar in the tomcat
classpath, and this works fine.  Is there away to make is cleaner and just
be able to look up the ejb and call it with out having to do the run as? 
For some reason Tomcat is not assoicating the Subject with the thread.

Also: I have debugged the login module and a Subject is created correctly -
with WLSUserImpl and WLSGroupImpl, but the Subject I get back from the
HTTPSession only has the user in it with no groups.


Any help is appreciated.

Thanks,

Laurence.

-- 
View this message in context: http://www.nabble.com/Security-with-WebLogic-%28JAASRealm%29-tp16824943p16824943.html
Sent from the Tomcat - User mailing list archive at Nabble.com.


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org